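# Compose stack: Traefik reverse proxy in front of Baikal, Vaultwarden,
# Immich, CouchDB (Obsidian sync) and Calibre-Web services.
# Values written as ${...} are interpolated by Compose (typically from .env).
services:
  traefik:
    image: traefik:v3.2
    container_name: traefik
    command:
      # api.insecure serves the API and dashboard without authentication on
      # Traefik's own entrypoint (port 8080). The host publish for that port
      # is restricted to loopback in `ports` below.
      - "--api.insecure=true"
      - "--api.dashboard=true"
      # NOTE(review): debug endpoints are enabled; turn this off once
      # troubleshooting is finished.
      - "--api.debug=true"
      - "--providers.docker=true"
      # Containers are only routed when they opt in with traefik.enable=true.
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=webmaster@do-bbs.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--accesslog.filepath=/data/access.log"
      - "--accesslog.format=json"
      - "--providers.file.filename=/dynamic.yml"
      - "--providers.file.watch=true"
    ports:
      - "80:80"
      - "443:443"
      # Loopback only: this port exposes the unauthenticated API/dashboard
      # enabled by --api.insecure. Reach it through an SSH tunnel or similar.
      - "127.0.0.1:8080:8080"
    networks:
      - external
    volumes:
      # `:ro` makes the bind mount read-only; it does not limit which Docker
      # API calls can be made over the socket.
      # NOTE(review): consider a filtering socket proxy in front of it.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./letsencrypt:/letsencrypt
      - ./data/traefik:/data
      - ./dynamic.yml:/dynamic.yml:ro
      # Presumably a basic-auth users file referenced from dynamic.yml
      # (not visible here); Traefik only needs to read it.
      - ./data/calibre/htpasswd.list:/htpasswd.list:ro
    labels:
      - "traefik.enable=true"
      # NOTE(review): this router has no explicit rule and no auth middleware
      # in this file, so it falls back to the Docker provider's default rule
      # and serves api@internal on websecure without authentication unless
      # dynamic.yml adds one. Pin it to Host(`<DASHBOARD_HOSTNAME>`) and
      # attach an auth middleware.
      - "traefik.http.routers.traefik-dashboard.entrypoints=websecure"
      - "traefik.http.routers.traefik-dashboard.service=api@internal"
      - "traefik.http.routers.traefik-dashboard.tls=true"
    restart: unless-stopped

  dav:
    # NOTE(review): floating tag; pin to a version or digest as
    # immich_redis / immich_database do.
    image: ckulka/baikal:nginx
    container_name: baikal
    environment:
      # msmtp configuration passed to the container; the SMTP password is
      # interpolated from the environment rather than stored in this file.
      MSMTPRC: |
        defaults
        auth on
        tls on
        tls_trust_file /etc/ssl/certs/ca-certificates.crt
        account default
        host smtp.protonmail.ch
        port 587
        from mail@do-bbs.com
        user mail@do-bbs.com
        password ${BAIKAL_ADMIN_TOKEN}
    networks:
      - external
    volumes:
      - ./data/baikal/Specific:/var/www/baikal/Specific
      - ./data/baikal/config:/var/www/baikal/config
      - ./data/baikal/50-add-sharing-plugin.sh:/docker-entrypoint.d/50-add-sharing-plugin.sh
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.baikal.entrypoints=websecure"
      - "traefik.http.routers.baikal.rule=Host(`dav.do-bbs.com`)"
      - "traefik.http.routers.baikal.tls=true"
      - "traefik.http.routers.baikal.tls.certresolver=letsencrypt"
      - "traefik.http.services.baikal.loadbalancer.server.port=80"
    # This probe (and the identical pattern on the other services) only shows
    # that the container can reach hc-ping.com and that curl exists in the
    # image; it does not test the service itself. The ping URL works as a
    # credential for the check, so it is better sourced from .env than
    # committed here.
    healthcheck:
      test: ["CMD", "curl", "-f", "https://hc-ping.com/d15fee2e-17ad-42bb-a573-591f45d3532b"]
      interval: 3600s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: unless-stopped

  vaultwarden:
    # NOTE(review): floating tag on a password manager; pin to a version or
    # digest so upgrades are deliberate.
    image: vaultwarden/server:latest
    container_name: vaultwarden
    environment:
      - SIGNUPS_ALLOWED=false
      - INVITES_ALLOWED=false
      # The admin token is read from the environment. A literal token was
      # previously hard-coded on this line: treat that value as exposed and
      # rotate it. Vaultwarden also accepts an Argon2 hash here instead of
      # the plain token.
      - ADMIN_TOKEN=${VAULT_ADMIN_TOKEN}
      - DOMAIN=https://vault.do-bbs.com
      - LOG_LEVEL=warn
      - LOG_FILE=/data/vaultwarden.log
      - TZ=Europe/London
    networks:
      - external
    volumes:
      - ./data/vaultwarden:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.middlewares.redirect-https.redirectScheme.scheme=https"
      - "traefik.http.middlewares.redirect-https.redirectScheme.permanent=true"
      - "traefik.http.routers.vaultwarden-https.rule=Host(`vault.do-bbs.com`)"
      - "traefik.http.routers.vaultwarden-https.entrypoints=websecure"
      - "traefik.http.routers.vaultwarden-https.tls=true"
      # The resolver must sit on the same router as the rule
      # (vaultwarden-https); the previous label named a separate router,
      # "vaultwarden", leaving the HTTPS router without a cert resolver.
      - "traefik.http.routers.vaultwarden-https.tls.certresolver=letsencrypt"
      - "traefik.http.routers.vaultwarden-https.service=vaultwarden"
      # Plain-HTTP router exists only to redirect to HTTPS.
      - "traefik.http.routers.vaultwarden-http.rule=Host(`vault.do-bbs.com`)"
      - "traefik.http.routers.vaultwarden-http.entrypoints=web"
      - "traefik.http.routers.vaultwarden-http.middlewares=redirect-https"
      - "traefik.http.routers.vaultwarden-http.service=vaultwarden"
      - "traefik.http.services.vaultwarden.loadbalancer.server.port=80"
    healthcheck:
      test: ["CMD", "curl", "-f", "https://hc-ping.com/8d7c299a-9594-4f5b-bc1f-9d916ef530e6"]
      interval: 3600s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: unless-stopped

  vaultwarden_backup:
    # NOTE(review): floating tag on a container that reads the whole vault
    # data directory; pin to a version or digest.
    image: ttionya/vaultwarden-backup:latest
    container_name: vaultwarden-backup
    restart: always
    environment:
      RCLONE_REMOTE_DIR: '/system/backups/vaultwarden/'
      PING_URL_WHEN_SUCCESS: 'https://hc-ping.com/c03ac1a9-076a-415b-a378-bca245118672'
    labels:
      - "traefik.enable=false"
    volumes:
      - ./data/vaultwarden:/bitwarden/data/
      - vaultwarden-rclone-data:/config/

  immich_server:
    container_name: immich_server
    image: ghcr.io/immich-app/immich-server:${IMMICH_VERSION:-release}
    volumes:
      - ${UPLOAD_LOCATION}:/data
      - /etc/localtime:/etc/localtime:ro
    env_file: .env
    environment:
      - REDIS_HOSTNAME=immich_redis
      - DB_HOSTNAME=immich_database
    networks:
      - external
      - internal
    labels:
      - "traefik.enable=true"
      # Attached to two networks, so tell Traefik which one to route over.
      - "traefik.docker.network=external"
      - "traefik.http.routers.immich.rule=Host(`photos.do-bbs.com`)"
      - "traefik.http.routers.immich.entrypoints=websecure"
      - "traefik.http.services.immich.loadbalancer.server.port=2283"
      - "traefik.http.routers.immich.tls=true"
      - "traefik.http.routers.immich.tls.certresolver=letsencrypt"
    depends_on:
      - immich_redis
      - immich_database
    healthcheck:
      test: ["CMD", "curl", "-f", "https://hc-ping.com/583d761e-8899-4b15-be2c-d0a11f6c3f6a"]
      interval: 3600s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: always

  immich_machine_learning:
    container_name: immich-machine-learning
    image: ghcr.io/immich-app/immich-machine-learning:${IMMICH_VERSION:-release}
    volumes:
      - model-cache:/cache
    env_file:
      - .env
    networks:
      - internal
    restart: always

  immich_redis:
    container_name: immich_redis
    # Pinned by digest.
    image: docker.io/valkey/valkey:8-bookworm@sha256:fea8b3e67b15729d4bb70589eb03367bab9ad1ee89c876f54327fc7c6e618571
    healthcheck:
      test: redis-cli ping || exit 1
    networks:
      - internal
    restart: always

  immich_database:
    container_name: immich_postgres
    # Pinned by digest.
    image: ghcr.io/immich-app/postgres:14-vectorchord0.4.3-pgvectors0.2.0@sha256:41eacbe83eca995561fe43814fd4891e16e39632806253848efaf04d3c8a8b84
    environment:
      POSTGRES_PASSWORD: ${DB_PASSWORD}
      POSTGRES_USER: ${DB_USERNAME}
      POSTGRES_DB: ${DB_DATABASE_NAME}
      POSTGRES_INITDB_ARGS: '--data-checksums'
    volumes:
      - ${DB_DATA_LOCATION}:/var/lib/postgresql/data
    shm_size: 128mb
    networks:
      - internal
    restart: always

  obsidian_db:
    # NOTE(review): floating tag on an internet-facing database; pin to a
    # version or digest.
    image: couchdb:latest
    container_name: couchdb-ols
    env_file: .env
    labels:
      - "traefik.enable=true"
      # This service is attached to "external"; the file defines no network
      # called "traefik", which the label previously named.
      - "traefik.docker.network=external"
      - "traefik.http.routers.couchdb.rule=Host(`couchdb.do-bbs.com`)"
      - "traefik.http.routers.couchdb.entrypoints=websecure"
      - "traefik.http.services.couchdb.loadbalancer.server.port=5984"
      - "traefik.http.routers.couchdb.tls=true"
      - "traefik.http.routers.couchdb.tls.certresolver=letsencrypt"
      - "traefik.http.routers.couchdb.middlewares=obsidiancors"
      # CORS policy: credentials are allowed, so the origin list must stay an
      # explicit allow-list and never become a wildcard.
      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowmethods=GET,PUT,POST,HEAD,DELETE"
      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolallowheaders=accept,authorization,content-type,origin,referer"
      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolalloworiginlist=app://obsidian.md,capacitor://localhost,http://localhost"
      - "traefik.http.middlewares.obsidiancors.headers.accesscontrolmaxage=3600"
      - "traefik.http.middlewares.obsidiancors.headers.addvaryheader=true"
      - "traefik.http.middlewares.obsidiancors.headers.accessControlAllowCredentials=true"
    environment:
      - COUCHDB_USER=${COUCHDB_USER}
      - COUCHDB_PASSWORD=${COUCHDB_PASSWORD}
    volumes:
      - ./data/couchdb/couchdb-data:/opt/couchdb/data
      - ./data/couchdb/couchdb-etc:/opt/couchdb/etc/local.d
    networks:
      - external
    healthcheck:
      test: ["CMD", "curl", "-f", "https://hc-ping.com/abbaa192-dadc-4241-b1a5-b2e4dbb50735"]
      interval: 3600s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: always

  calibre_web:
    # NOTE(review): tracks a :dev tag; pin to a release or digest.
    image: crocodilestick/calibre-web-automated:dev
    container_name: calibre-web-automated
    env_file:
      - .env
    environment:
      - PUID=33
      - PGID=33
      - TZ=UTC
      - HARDCOVER_TOKEN=${HARD_API}
      - NETWORK_SHARE_MODE=true
      - CWA_PORT_OVERRIDE=8083
      - DOCKER_MODS=lscr.io/linuxserver/mods:universal-calibre-v8.7.0
    volumes:
      - ./data/calibre-web/data:/config
      - ./data/calibre-web/meta:/calibre-library
      - /mnt/athena/books/library:/calibre-library/athena
      - ./data/calibre-web/ingest:/cwa-book-ingest
      - ./data/calibre-web/plugins:/config/.config/calibre/plugins
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=external"
      - "traefik.http.routers.cwa.rule=Host(`cwa.do-bbs.com`)"
      - "traefik.http.routers.cwa.entrypoints=websecure"
      - "traefik.http.services.cwa.loadbalancer.server.port=8083"
      - "traefik.http.routers.cwa.tls=true"
      - "traefik.http.routers.cwa.tls.certresolver=letsencrypt"
    networks:
      - external
    healthcheck:
      test: ["CMD", "curl", "-f", "https://hc-ping.com/313b09fb-f4c6-4fe8-b3d8-47929974c247"]
      interval: 3600s
      timeout: 10s
      retries: 5
      start_period: 30s
    restart: unless-stopped

  calibre_web_downloader:
    # NOTE(review): floating tag; pin to a version or digest.
    image: ghcr.io/calibrain/calibre-web-automated-book-downloader:latest
    container_name: calibre-web-automated-book-downloader
    env_file: .env
    environment:
      FLASK_PORT: 8084
      # Booleans in an environment mapping are quoted so the YAML parser
      # hands Compose a string rather than a bool.
      FLASK_DEBUG: "false"
      LOG_LEVEL: info
      BOOK_LANGUAGE: en
      USE_BOOK_TITLE: "true"
      TZ: UTC
      APP_ENV: prod
      UID: 33
      GID: 33
      CWA_DB_PATH: /auth/app.db
      INGEST_DIR: /cwa-book-ingest
      MAX_CONCURRENT_DOWNLOADS: 3
      DOWNLOAD_PROGRESS_UPDATE_INTERVAL: 5
      AA_DONATOR_KEY: ${AA_KEY}
      USE_CF_BYPASS: "false"
    labels:
      - "traefik.enable=true"
      - "traefik.docker.network=external"
      - "traefik.http.routers.cwabd.rule=Host(`cwabd.do-bbs.com`)"
      - "traefik.http.routers.cwabd.entrypoints=websecure"
      - "traefik.http.services.cwabd.loadbalancer.server.port=8084"
      - "traefik.http.routers.cwabd.tls=true"
      - "traefik.http.routers.cwabd.tls.certresolver=letsencrypt"
    volumes:
      - ./data/calibre-web/ingest:/cwa-book-ingest
      # Calibre-Web's user database, mounted read-only at CWA_DB_PATH.
      - ./data/calibre-web/data/app.db:/auth/app.db:ro
    networks:
      - external
      - internal
    restart: unless-stopped

  flaresolverr:
    # NOTE(review): floating tag; pin to a version or digest.
    image: ghcr.io/flaresolverr/flaresolverr:latest
    networks:
      - internal

volumes:
  model-cache: {}
  # Created outside this stack; Compose will not create or remove it.
  vaultwarden-rclone-data:
    external: true
    name: vaultwarden-rclone-data

networks:
  external:
    name: external
  # Named "internal" but not declared with `internal: true`, so containers on
  # it still have outbound connectivity.
  internal:
    name: internal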